diff --git a/sepolicy/domain.te b/sepolicy/domain.te
new file mode 100644
index 00000000..b1fc15ee
--- /dev/null
+++ b/sepolicy/domain.te
@@ -0,0 +1,5 @@
+allow domain block_device:dir { search getattr }; 
+allow domain block_device:blk_file getattr;
+allow domain cache_block_device:blk_file getattr;
+allow domain userdata_block_device:blk_file getattr;
+allow domain fuse_device:chr_file getattr;
diff --git a/sepolicy/qcom/domain.te b/sepolicy/qcom/domain.te
new file mode 100644
index 00000000..5af099fe
--- /dev/null
+++ b/sepolicy/qcom/domain.te
@@ -0,0 +1,2 @@
+allow domain persist_file:dir getattr;
+allow domain persist_block_device:blk_file getattr;
diff --git a/sepolicy/qcom/thermal-engine.te b/sepolicy/qcom/thermal-engine.te
index e616275d..8f8967e2 100644
--- a/sepolicy/qcom/thermal-engine.te
+++ b/sepolicy/qcom/thermal-engine.te
@@ -1,4 +1,7 @@
 allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms;
 r_dir_file(thermal-engine, sysfs_rqstats);
 
+allow thermal-engine sysfs_battery_supply:file rw_file_perms;
+allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
+
 allow thermal-engine self:capability { net_admin } ;